
Bob14

#30365 of 53,624
8.7 Total CVSS
Vulnerabilities · 1
PT-2026-2320
8.7
2026-01-12
Ollama · Ollama · CVE-2025-15514
**Name of the Vulnerable Software and Affected Versions**

Ollama versions 0.11.5-rc0 through 0.13.5

**Description**

Ollama contains a flaw due to insufficient validation of base64-encoded image data. Specifically, when processing image data through the `/api/chat` endpoint, the application does not verify the validity of the decoded media before passing it to the `mtmd_helper_bitmap_init_from_buf` function. If this function returns NULL, indicating malformed input, the code proceeds to dereference the NULL pointer, leading to a segmentation fault and a denial of service. This can cause the model to become unavailable until the service is restarted. The vulnerability exists in the multi-modal model image processing functionality.

**Recommendations**

Update Ollama to a version newer than 0.13.5.
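The failure mode described above, modelled in C as an added example that is not Ollama's or llama.cpp's code. `bitmap_from_buf`, `handle_image` and the sample buffers are hypothetical and constructed for illustration; the decoder stand-in only mimics the "returns NULL on malformed input" contract.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a native image decoder; not the llama.cpp API. */
typedef struct { unsigned width, height; } bitmap;

static const unsigned char PNG_MAGIC[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};

static unsigned be32(const unsigned char *p) {
    return (unsigned)p[0] << 24 | (unsigned)p[1] << 16 | (unsigned)p[2] << 8 | p[3];
}

/* Returns NULL for input it cannot decode, as the advisory describes.
   Constructed rule: accept only a PNG signature followed by an IHDR chunk. */
bitmap *bitmap_from_buf(const unsigned char *buf, size_t len) {
    if (buf == NULL || len < 24 || memcmp(buf, PNG_MAGIC, 8) != 0) return NULL;
    if (memcmp(buf + 12, "IHDR", 4) != 0) return NULL;
    bitmap *bm = malloc(sizeof *bm);
    if (bm == NULL) return NULL;
    bm->width = be32(buf + 16);
    bm->height = be32(buf + 20);
    return bm;
}

/* Flawed pattern: the result is used without a NULL check, so malformed
   input crashes the whole process. Shown for contrast; do not call it. */
unsigned pixels_unchecked(const unsigned char *buf, size_t len) {
    bitmap *bm = bitmap_from_buf(buf, len);
    unsigned n = bm->width * bm->height; /* NULL dereference on bad input */
    free(bm);
    return n;
}

/* Hardened pattern: a failed decode rejects this one request (400)
   and the service keeps running. */
int handle_image(const unsigned char *buf, size_t len, unsigned *pixels) {
    bitmap *bm = bitmap_from_buf(buf, len);
    if (bm == NULL) return 400;
    *pixels = bm->width * bm->height;
    free(bm);
    return 200;
}

/* Constructed samples: a 2x3 PNG header, and bytes that decode from valid
   base64 but are not an image. */
const unsigned char SAMPLE_PNG[24] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 2, 0, 0, 0, 3};
const unsigned char SAMPLE_BAD[] = "not an image, just decoded base64 text";
```

The point for reviewers is that successful base64 decoding says nothing about whether the bytes are a decodable image, so the decoder's return value is the check that matters.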